Intel: High-bandwidth Digital Content Protection cracked

Intel says that HDCP has been cracked, but they also say that it’s unlikely this information will be used to unlock the copying of anything. Their reasoning for the second statement is that anyone wanting to make this work would need to produce a computer chip, which is not worth the effort.

We question that logic. Not so much for Blu-ray, which is the media format most commonly associated with HDCP, but for HD digital cable programming. There are folks out there who would like to have the option of recording their HD television shows without renting a DVR from the cable company. CableCard tuners have been mostly absent from the market, making this type of recording difficult or impossible. Now that there’s a proven way to get the encryption key for HDCP, how hard would it really be to create a man-in-the-middle device that uses that key to authenticate, decrypt, and funnel the audio and video to another encoder card? We know next to nothing about the protocol, but why couldn’t any powerful processor, like an ARM, or even an FPGA (both rather inexpensive and readily available), be programmed for this task?

Leave a comment to let us know what you think about HDCP, and what the availability of the master key really means.

I’ve always thought it would be pretty easy to use an FPGA to spoof the display panel in a TV… of course you’d have to re-encode the video before you do anything with it.
Why bother attacking a crypto-system, when you can let it do its thing, and benefit from that?

There are off-the-shelf FPGA development boards with HDMI/DVI which would be all the hardware required.

This WILL happen and it will not be that difficult. If I had spare money I would probably give it a go but I lack motivation to purchase this and none of the FPGA boards I have have DVI/HDMI interfaces broken out nicely.

“but they also say that it’s unlikely this information will be used to unlock the copying of anything.”

This news is a little late, HaD, as Intel has put out another statement verifying the authenticity of the hack and stating that they will use their supposed monopoly on this combination of 1’s and 0’s to sue the bejesus out of anyone who they find has utilized this key in any product or software.

Seems like it’s a huge threat. I hope people aren’t scared of Intel and go ahead and destroy HDCP once and for all; it’s done little to nothing to prevent copyright circumvention but it’s been a huge pain in the ass for tons of customers that just want to use the shit they paid for (I work in a TV shop; we get just about every complaint possible, so my perspective’s a bit different).

@Johannesburgel, FPGAs can definitely act as HDMI transceivers. That’s the beauty of the massively parallel architecture. There are numerous development boards that can do this at 1080p with room to spare.

GRitchie’s find was the first thing I thought about when I read this post too.

Doesn’t seem like getting an unencrypted video feed has been terribly difficult anyway, even without the HDCP key being known. I mean, does anything actually even require HDCP? There are way too many components and TVs out there without DVI/HDMI to make HDCP a requirement yet (or even in the near future).

For example, Netflix requires that any streaming device has HDCP. If you connect a Netflix-capable device to a TV or other component via DVI/HDMI, it HAS to use HDCP. But if you just use component video, you still get an HD image (keep in mind, nothing on Netflix is above 720p yet) with no restrictions.

If copying is your goal, you don’t even need to decode the stream in real time. You can capture the encrypted stream and decrypt it later; no matter how slow it is, you’ll end up with an unencrypted stream you can then copy, or whatever you want to do with it.

Get any HDMI receiver that can take an external HDCP key ROM (i.e. practically any one of them). Use the master table to generate a sink key. Take 24-bit pixel bus output and feed to a halfway decent FPGA (Spartan 3e, etc.) which does MPEG4/h.264 encode. Make this available via USB2, PCI or PCIe. Not exactly difficult, but not something just anyone could do, either.

Wouldn’t it be possible to use this key and develop something driver-level to intercept the video stream and dump it to disk? I’m not very familiar with HDCP other than the basics, but it seems to be that someone could “simulate” a hardware device in software and fake out HDCP with this key.

I don’t get why everyone wants to decrypt it in real time… I have a computer with an Intel CPU – what can prevent me from just saving the stream and taking as long as I want to decrypt it on my computer?

And while talking about that, as was mentioned before, you could always grab the unencrypted data afterward so what’s the point of even messing with the encrypted stream?

Don’t know much about this but why not
e.g. re-engineer the Netflix device, or just use the same chips as them.
You don’t have to do an independent hack; there are obviously devices out there that use HDCP, hack them to do your bidding.

I wouldn’t mind having a couple of devices. One to strip the encryption, transmit the data to my TV, and one on the outside of my TV to fool the TV into thinking it’s hooked up to an encryption capable device. I’m really tired of having to fight with my older TV just to get it to display Blu-ray video or video from my cable box. It seems that half the time whatever handshaking is done doesn’t happen right and I end up with a black screen or no audio. I SO hate DRM.

I think you don’t need to build your own decrypter. Instead simply use an HDMI display interface chip which uses external key storage, say ADV7604 from Analog, and you already have a fully functional decrypter. Simply generate your keys off-line and pop them in an I2C EEPROM for the HDMI chip to read as it wants.

Of course, you still have the small matter of buffering 24 bits of video at ~130MHz, but that’s something that’s easy to do with an FPGA.

What exactly is the point of decrypting HDCP? Movies can be read right off the disc, and most pirated television is recorded off of uncrippled satellite receivers and distributed through torrents.

Does anyone even make HDMI recording hardware for computers? It always struck me as part of the “analog hole” anyway, since it’s a pain to record in real time and recompress. Like Macrovision, it’s so much easier and better to steal straight from the source. The only thing it accomplishes is making honest users’ hardware not work properly.

Why, oh why do they keep such a broken system around? Are media executives really this dumb? Intel comes in and says “We’ll sell you this ultra high security system which no one can get through. Um, just ignore the back door swinging wide open.”

Oh well, at the rate it’s going I’ll be priced out of TV viewing, and viewing recorded material on the TV. I hadn’t turned on my TV since the switch in Jan. 09, and didn’t get the one broadcast station I thought I’d get with the antenna system in use. Nice to read what’s going on in the digital TV world though.

A good FPGA will make mince-meat of a task like this. What I want to see is someone build a custom interface and make use of CUDA or OpenCL to do the decryption. A well-built 8-core desktop with 3 dual-die GPUs will have no issue blasting through something like this.

Hasn’t HDCP been cryptographically broken since before it was released on a single device? I mean, this is neat and all, but it’d be nice if the industry just let me connect my goddamn TV without dealing with this bullshit, broken DRM. I can’t get my cable box and my TV hooked up to my receiver without extra cables because the receiver doesn’t decode HDCP bullshit. I have to use Toslink or Coax (digital audio, not CATV) cables from each device. Fucking stupid.

I’m still thinking the FPGA is the ‘better’ route to go. I know FPGAs can handle LFSRs well. I would think the FPGA route would be simpler overall (DVI/HDMI interface, HDCP handshaking, HDCP decode, raw->mpeg conversion).

On the topic of capturing raw bits and storing them on a hard drive for CPU/GPU processing: my concern isn’t the ~10TB storage, but the ~.3 to 1 GB/sec peak transfer rates. 2TB hard drives are fairly cheap, but building a RAID system to handle ~1GB/sec data transfer is not going to be as simple as getting 10 TB of hard drive space. Additionally, you’ll need a method of capturing ~1GB/sec peak, which will probably use an FPGA, so why not just do it all on the FPGA and get a ‘nice’ MPEG stream out?

There have been devices that strip HDCP out for years, they’re costly, $300+ but you can get them. In fact if you’ve seen an HD version of Errol Flynn as Robin Hood or Gone With the Wind in a cinema (in Vegas at least) you’ve seen it on a cinema projector with no HDCP capability playback from a Blu-Ray player by way of a small HDMI-DVI dongle with HDCP stripping ability. HDCP is just a handshake, the “decoding” process is simple, the content is not encrypted bit by bit. The simplest way to put it is that the display device tells the playback device “I’m cool man” and playback begins, the handshake continues ad infinitum down the data line until playback ends, the dongles just spoof it and pass the rest of the signal on to the non-HDCP device.

They’ve sold boxes that pretend to be approved devices using cloned keys and have DVI outputs since the very start. In an amazing coincidence, every cloned key I’ve seen is from a device produced in China.

Netflix & Apple are booming while cable & satellite companies are losing premium content subscribers every month. The people who can afford $150/mo for cable TV expect to watch it on their own schedule while the unemployed have all the time in the world to circumvent any payment system.

Since all HDMI+HDCP devices have a key can’t you just insert that key into it via JTAG or some replacement flash chip or something and then have a box that decodes for you with existing hardware that way? And spews it out undecoded.
That way you don’t need to develop the chip at all.
I mean they design all devices before there is a key assigned I would expect, so they must be able to accept any key it recognizes as valid by some checksum system right?

A simple decrypter would be easy to do with an FPGA. I am more of a Xilinx person so I looked at their offerings. The cheapest FPGA that could work would be the spartan3A200, maybe it is possible with a 3A50, but some extra authentication logic would be required, the 200 device would allow more breathing room.

Xilinx have a nice application note on how to do HDMI with the spartan3A serdes units.

This really doesn’t benefit anyone. I would not put the time into making a device to decode based on this key. While it is a master key that does not mean it will stay the master key. Every device using HDMI HDCP has a file in the firmware labeled HDCP.xxx, that is the master key file and it CAN be updated via flashing, usually located with the other microcode files for the media processor. No you cannot just copy that file and read the key as the file itself is encrypted. It would be a headache for consumers but no reason why manufacturers cannot implement another key.

All this will do is lead to more intrusive DRM, people seem to think that if they crack enough hardware the manufacturers will give up, sorry not going to happen, you only make them more determined. I see the next step as having to have your Blu-ray connected to the net in order to even play the disc for some form of online activation.
Thanks for leaking the HDCP key, you really helped out us consumers :(

That is the wrong logic. If you do not buy and download more then the message you send is “I want your content”. You are telling the content producer that there is a demand for what they have, that means their content has value. Now if they can only force you to pay for it, that is what DRM is all about. The only way to get providers to change their stance on DRM is to stop buying, renting, downloading their content. You have to ignore what they produce as if the content did not exist. As long as people go to the box office, rent content, talk on forums about shows, from providers that use DRM you are part of the problem. If you show interest they will see that as $$$$.

@cgmark
People will want to watch something anyway, so there are only 2 options: continue feeding corporations or show them the finger, and the more people download, the harder it is to catch the average Joe (lawsuits are too expensive to apply to the general population), which will encourage people to download more, and the circle continues. Corporations will have to change; as an example we can see the disappearance of CDs.

Nearly all external HDMI receivers that support HDCP output uncompressed digital pixel data anyways. You don’t need this key at all. And you’ll almost never find a box that supports HDCP but doesn’t already have a key.

If people really wanted to build an encoder board that splices into the already present parallel pixel data they would have done this years ago.

The ONLY people that benefit from this release are the Chinese/Taiwanese who can now make unlicensed HDMI/HDCP chips without having to pay expensive royalties. They can make their own keys without having to worry about each key being black-listed because they can make as many as they want.

Blackmagic makes the Intensity (both PCIe and USB 3.0 versions) that can capture a 1080p stream in realtime. That just leaves decrypting the stream. It might even be possible to hack the Intensity firmware to do HDCP decryption for you.

I hate to break it to Intel but you don’t need to fab your own chip. There are commercially available chips for HDMI receiving that support HDCP, all you have to do is provide a valid key (which of course can be created using the now available master key) and it spits out an unencrypted RGB video stream. http://www.analog.com/static/imported-files/data_sheets/AD9393.pdf
$10.68 @ digikey (AD9393BBCZ-80-ND)